Privavy Policy

Private Event

Data Protection/Privacy Policy

Privacy Policy for WAAA Photography to comply with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018

Last Updated: 08 05 2026

I, Ronnie Cumming am a sole photographer providing professional photography services. I take your privacy seriously and am committed to protecting your personal data. This policy explains how I collect, use, and store your data when I am hired to photograph private events.

1. The Data I Collect

I may collect the following personal data:

Client Data: Name, address, email address, phone number, and venue details, provided during booking and communication.

Image Data: Photographs and videos taken at your event, which may identify guests or attendees.

Financial Data: Payment information (processed securely via Bank Transfer, I do not store full card details).

2. How I Use Your Data (Lawful Basis)

Under UK GDPR, I process data based on the following:

Contractual Necessity: To provide the services you contracted me for, including taking, editing, storing, and delivering photographs.

Legitimate Interests: To promote my business (e.g., displaying portfolio work). Note: For private events, I will seek your explicit consent before using images publicly or for marketing, as per best practice, even though I own the copyright.

Legal Obligation: For tax purposes, I am required to hold client booking records for 6 years.

3. Sharing Your Data

I will never sell your data. I may share your data with:

Trusted Service Providers: Such as professional photo labs, online gallery providers (e.g., [Gallery Name]), or cloud storage providers (e.g., [Dropbox/Google Drive]) to deliver your photos.

Legal Requirements: If required by law, I may share data with official authorities.

4. Data Security and Retention

Storage: Photos are stored on secure, encrypted hard drives and cloud storage.

Retention - Client Details: Invoices and contract details are kept for 6 years for tax purposes.

Retention - Images: I typically hold high-resolution images for 1–2 years after the event to allow you to order reprints, after which they may be deleted or archived.

5. Your Rights

Under UK law, you have the right to:

Access: Request a copy of the personal data I hold about you.

Correction: Ask for incorrect data to be updated.

Erasure ("Right to be Forgotten"): Request that I delete your images or data, subject to contractual obligations.

Object: Object to the processing of your data, particularly for marketing purposes.

6. Event Attendees & Privacy

At private events, I am the Data Controller. I rely on the event organizer (you) to inform guests that a professional photographer is present. However, I will:

Be clearly identifiable (e.g., wearing a lanyard and/or T-Shirt ).

Respect requests from guests not to be photographed.

With Event Organiser permission I can provide signage at your events by placing a simple, visible notice at the entrance of your private events stating that photography is taking place and who to contact if they wish to opt-out.

7. Contact Information

For any questions about this policy or to exercise your rights, please contact:

Name: Ronnie Cumming of WAAA Photography

To make a request: Email waaa.photography@gmail.com with the subject "Data Protection Request.”

Public Event

Data Protection/Privacy Policy

Privacy Policy for WAAA Photography to comply with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018

Last Updated: 08 05 2026

1. Introduction

I, Ronnie Cumming, trading as WAAA Photography, act as the Data Controller for all photography taken during my professional work. I am committed to protecting the privacy of individuals captured in my images, especially when those images constitute personal data under UK GDPR.

2. Scope

This policy applies to all images taken, processed, stored, and shared by WAAA Photography at public events where individuals may be identified.

3. Lawful Basis for Processing

At public events, I rely on the following lawful bases:

Legitimate Interests: Processing (taking/storing/using) photographs is necessary for my legitimate business interests (e.g., building a portfolio, selling event images to participants, marketing) and does not override the rights of individuals in public places.

Consent: When I take close-up, identifiable portraits of specific individuals, I will aim to get verbal or written consent.

4. Handling Public Event Photography

Notice: I will endeavour to display notices at the entrance of events or wear a clearly marked lanyard/tabard informing attendees that photography is taking place.

Publicity: If an attendee objects to being photographed, I will stop immediately and delete any existing images of them.

Crowd Shots: Photographs of large crowds, where no one person is the main focus, are generally not considered personal data.

Children and Vulnerable Adults: I will avoid taking close-up, identifiable images of children/vulnerable adults without the explicit permission of a parent/guardian.

5. Data Storage and Security

All images are stored on encrypted hard drives and secure cloud storage.

Images will only be retained for as long as they are necessary for the purposes outlined (e.g., until the event gallery expires or for portfolio use).

6. Sharing Data

Images may be shared with:

Event organisers (clients).

Participants (via a secure online gallery).

Social media platforms for promotion.

7. Individual Rights

Individuals have the right to:

Object: Object to their image being taken or used.

Access: Request to see images I hold of them.

Erasure ("Right to be forgotten"): Request that I delete their images from my records.

To make a request: Email waaa.photography@gmail.com with the subject "Data Protection Request.”

WAAA! photography

We Are All Artists photography

catch the creative spirit